Commit Graph

4958 Commits (f4394b8e1158ce4efae5ee05ee4bf1e2231e036f)

Author SHA1 Message Date
alizademhdi fcd5c6b111 Upgrade alpine to 3.18.6 for security fixes 2024-03-15 16:01:27 +03:30
alizademhdi d93b4a01df Reduce vulnerabilities in alpine
The following vulnerabilities are fixed with an upgrade alpine from 3.18.2.to 3.18.5:
- https://snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-5890990
- https://snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-5890990
- https://snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-5890990
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386
2024-03-15 14:22:15 +03:30
Sandeep Singh aaf3cf9cb3
Merge pull request #4884 from kiokuless/fix-rate-limiter
Fix overriding the predefined ratelimiter by WithGlobalRateLimit
2024-03-15 15:26:05 +05:30
Mzack9999 df67578d98
Merge pull request #4885 from debasishbsws/go-git-version-upgrade
update go-git version from v4 to v5 fix GHSA-449p-3h89-pw88 GHSA-mw99-9chc-xw7r
2024-03-15 00:44:56 +01:00
mzack d988de45f6 merge 2024-03-15 00:01:09 +01:00
mzack e523d3872c Merge branch 'dev' into maint-runner-cache 2024-03-14 23:46:50 +01:00
Mzack9999 b7f76cfd4b
Merge pull request #4833 from projectdiscovery/maint-memory
Adding memguardian + various optimizations
2024-03-14 23:39:43 +01:00
debasishbsw 1700cdf4e2
update go-git fix CVE-2023-49569 CVE-2023-49568
Signed-off-by: debasishbsw <debasishbsws.dev@gmail.com>
2024-03-14 10:26:08 +00:00
kiokuless 3a41f752e4 Use e.rateLimiter if it's not nil 2024-03-14 10:41:23 +09:00
dependabot[bot] d292ac8698
Merge pull request #4881 from projectdiscovery/dependabot/go_modules/google.golang.org/protobuf-1.33.0 2024-03-13 22:04:02 +00:00
GitHub Action f6d0b1cd95 Auto Generate Syntax Docs + JSONSchema [Wed Mar 13 22:02:48 UTC 2024] 🤖 2024-03-13 22:02:48 +00:00
sandeep 5d0b82c6a1 Fixed xpath doc escaping example 2024-03-14 03:30:37 +05:30
dependabot[bot] d27f56fd7e
chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 21:39:42 +00:00
Ice3man fa56800fcc
Fuzzing layer enhancements + input-types support (#4477)
* feat: move fuzz package to root directory

* feat: added support for input providers like openapi,postman,etc

* feat: integration of new fuzzing logic in engine

* bugfix: use and instead of or

* fixed lint errors

* go mod tidy

* add new reqresp type + bump utils

* custom http request parser

* use new struct type RequestResponse

* introduce unified input/target provider

* abstract input formats via new inputprovider

* completed input provider refactor

* remove duplicated code

* add sdk method to load targets

* rename component url->path

* add new yaml format + remove duplicated code

* use gopkg.in/yaml.v3 for parsing

* update .gitignore

* refactor/move + docs fuzzing in http protocol

* fuzz: header + query integration test using fuzzplayground

* fix integration test runner in windows

* feat add support for filter in http fuzz

* rewrite header/query integration test with filter

* add replace regex rule

* support kv fuzzing + misc updates

* add path fuzzing example + misc improvements

* fix matchedURL + skip httpx on multi formats

* cookie fuzz integration test

* add json body + params body tests

* feat add multipart/form-data fuzzing support

* add all fuzz body integration test

* misc bug fixes + minor refactor

* add multipart form + body form unit tests

* only run fuzzing templates if -fuzz flag is given

* refactor/move fuzz playground server to pkg

* fix integration test + refactor

* add auth types and strategies

* add file auth provider

* start implementing auth logic in http

* add logic in http protocol

* static auth implemented for http

* default :80,:443 normalization

* feat: dynamic auth init

* feat: dynamic auth using templates

* validate targets count in openapi+swagger

* inputformats: add support to accept variables

* fix workflow integration test

* update lazy cred fetch logic

* fix unit test

* drop postman support

* domain related normalization

* update secrets.yaml file format + misc updates

* add auth prefetch option

* remove old secret files

* add fuzzing+auth related sdk options

* fix/support multiple mode in kv header fuzzing

* rename 'headers' -> 'header' in fuzzing rules

* fix deadlock due to merge conflict resolution

* misc update

* add bool type in parsed value

* add openapi validation+override+ new flags

* misc updates

* remove optional path parameters when unavailable

* fix swagger.yaml file

* misc updates

* update print msg

* multiple openapi validation enchancements + appMode

* add optional params in required_openapi_vars.yaml file

* improve warning/verbose msgs in format

* fix skip-format-validation not working

* use 'params/parameter' instead of 'variable' in openapi

* add retry support for falky tests

* fix nuclei loading ignored templates (#4849)

* fix tag include logic

* fix unit test

* remove quoting in extractor output

* remove quote in debug code command

* feat: issue tracker URLs in JSON + misc fixes (#4855)

* feat: issue tracker URLs in JSON + misc fixes

* misc changes

* feat: status update support for issues

* feat: report metadata generation hook support

* feat: added CLI summary of tickets created

* misc changes

* introduce `disable-unsigned-templates` flag (#4820)

* introduce `disable-unsigned-templates` flag

* minor

* skip instead of exit

* remove duplicate imports

* use stats package + misc enhancements

* force display warning + adjust skipped stats in unsigned count

* include unsigned skipped templates without -dut flag

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>

* Purge cache on global callback set (#4840)

* purge cache on global callback set

* lint

* purging cache

* purge cache in runner after loading templates

* include internal cache from parsers + add global cache register/purge via config

* remove disable cache purge option

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>

* misc update

* add application/octet-stream support

* openapi: support path specific params

* misc option + readme update

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2024-03-14 03:08:53 +05:30
mzack a751993808 rename 2024-03-13 21:46:30 +01:00
mzack e9f6febe01 caching content + merging caches 2024-03-13 21:02:36 +01:00
mzack 3685379960 Merge branch 'dev' into maint-runner-cache 2024-03-13 20:16:27 +01:00
mzack 117d4a30e2 v. bump 2024-03-13 19:48:59 +01:00
mzack 397ad04540 Merge branch 'dev' into maint-memory 2024-03-13 19:31:45 +01:00
Dogan Can Bakir 66b722faaf
bump gozero (#4877) 2024-03-13 20:36:19 +05:30
Tarun Koyalwar 49ef5cbf16
handle 1 more edgecase (#4868)
* handle 1 more edgecase

* add integration test for this edgecase

* fix multi-http-var-sharing with integration test

* add -payload-concurrency (-pc) flag

* fix missing internal:true login in multiprotocol engine

* fix/handle absolute invalid url parsing

* support -pc & -jc in go sdk

* fix missing variables in code protocol operators

* add payload count parallelhttp check
2024-03-13 20:35:19 +05:30
mzack fd14472181 . 2024-03-13 03:16:40 +01:00
mzack cd289a81c9 tmp init 2024-03-13 02:59:34 +01:00
mzack cbda987288 fixing tests 2024-03-13 02:44:45 +01:00
mzack 4aff6d7189 merging caches + removing import cycle via type any 2024-03-13 02:27:15 +01:00
mzack 4b43bd0c65 . 2024-03-12 14:56:53 +01:00
mzack a335e4962e bla 2024-03-12 14:55:43 +01:00
mzack 946d81dc56 vers. bump 2024-03-11 22:22:17 +01:00
mzack a69a082247 u64 2024-03-11 21:47:52 +01:00
mzack 582bf865d2 lint 2024-03-11 21:06:56 +01:00
mzack d93454eee3 Merge branch 'dev' into maint-memory 2024-03-11 20:49:21 +01:00
mzack de9f9620d5 removing debug 2024-03-11 19:58:08 +01:00
mzack 29f4ac9160 lint 2024-03-11 19:54:23 +01:00
mzack e2cf5dda35 split active+passive guards 2024-03-11 19:48:56 +01:00
Ice3man a66b56fc79 change position of sdk text 2024-03-11 22:39:32 +05:30
mzack da38d4db20 pointing to util commit 2024-03-11 15:05:19 +01:00
mzack 3f295226ad Merge branch 'dev' into maint-memory 2024-03-11 15:03:14 +01:00
Dogan Can Bakir e9625d621f
add callback support to StandardWriter (#4839)
* add callback support to StandardWriter

* minor

* use multiwriter

* minor
2024-03-11 17:07:07 +05:30
dependabot[bot] fe4d5f05a1
Merge pull request #4862 from projectdiscovery/dependabot/go_modules/dev/github.com/projectdiscovery/interactsh-1.1.9 2024-03-11 06:26:48 +00:00
dependabot[bot] 4d67a3601d
chore(deps): bump github.com/projectdiscovery/interactsh
Bumps [github.com/projectdiscovery/interactsh](https://github.com/projectdiscovery/interactsh) from 1.1.8 to 1.1.9.
- [Release notes](https://github.com/projectdiscovery/interactsh/releases)
- [Changelog](https://github.com/projectdiscovery/interactsh/blob/main/.goreleaser.yml)
- [Commits](https://github.com/projectdiscovery/interactsh/compare/v1.1.8...v1.1.9)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/interactsh
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-11 06:06:33 +00:00
dependabot[bot] 5347106bce
Merge pull request #4859 from projectdiscovery/dependabot/go_modules/dev/github.com/projectdiscovery/httpx-1.6.0 2024-03-11 06:04:41 +00:00
dependabot[bot] 69b39d8ce6
chore(deps): bump github.com/projectdiscovery/httpx from 1.5.0 to 1.6.0
Bumps [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/projectdiscovery/httpx/releases)
- [Changelog](https://github.com/projectdiscovery/httpx/blob/main/.goreleaser.yml)
- [Commits](https://github.com/projectdiscovery/httpx/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/httpx
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-11 05:45:02 +00:00
dependabot[bot] 3d3027873c
Merge pull request #4858 from projectdiscovery/dependabot/go_modules/dev/github.com/projectdiscovery/rawhttp-0.1.40 2024-03-11 05:44:01 +00:00
dependabot[bot] 3a2b5c8c96
chore(deps): bump github.com/projectdiscovery/rawhttp
Bumps [github.com/projectdiscovery/rawhttp](https://github.com/projectdiscovery/rawhttp) from 0.1.39 to 0.1.40.
- [Release notes](https://github.com/projectdiscovery/rawhttp/releases)
- [Commits](https://github.com/projectdiscovery/rawhttp/compare/v0.1.39...v0.1.40)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/rawhttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-11 05:23:53 +00:00
Mzack9999 ec4fb408c9
Purge cache on global callback set (#4840)
* purge cache on global callback set

* lint

* purging cache

* purge cache in runner after loading templates

* include internal cache from parsers + add global cache register/purge via config

* remove disable cache purge option

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-03-11 02:59:55 +05:30
Dogan Can Bakir 9bd4db3f74
introduce `disable-unsigned-templates` flag (#4820)
* introduce `disable-unsigned-templates` flag

* minor

* skip instead of exit

* remove duplicate imports

* use stats package + misc enhancements

* force display warning + adjust skipped stats in unsigned count

* include unsigned skipped templates without -dut flag

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-03-11 02:01:17 +05:30
Ice3man fd024a3e8d
feat: issue tracker URLs in JSON + misc fixes (#4855)
* feat: issue tracker URLs in JSON + misc fixes

* misc changes

* feat: status update support for issues

* feat: report metadata generation hook support

* feat: added CLI summary of tickets created

* misc changes
2024-03-10 22:02:42 +05:30
Tarun Koyalwar b1b4f0fe76
fix nuclei loading ignored templates (#4849)
* fix tag include logic

* fix unit test

* remove quoting in extractor output

* remove quote in debug code command
2024-03-09 21:20:54 +05:30
mzack 6f6c1d3679 small change in calculation 2024-03-07 17:28:24 +01:00
mzack 89858a2ec8 . 2024-03-07 17:11:52 +01:00